Abuse 2.26 CVE to gain heap overflow using tcache, then write to stdout data to leak libc, then tcache poison to write to `__free_hook`

Original writeup (https://github.com/joshdabosh/writeups/tree/master/2020-PoseidonCTF).